1.1. Cyberoam iView Presentation |
1.3.1. Cyberoam iView - Introduction |
1.3.1.1. What is Cyberoam iView ? |
Applicable to : On Cyberoam Appliance, Open Source Software, Appliance
Cyberoam iView is a logging and reporting solution that gives organizations visibility into their networks, supporting high levels of security and data confidentiality while meeting the requirements of regulatory compliance.
With Cyberoam iView, organizations receive logs and reports related to network activities, intrusions, attacks, spam and blocked attempts, both internal and external, enabling them to take rapid action throughout their network.
Cyberoam iView comes in three flavors.
· On-Appliance Cyberoam iView – An integral part of Cyberoam security appliances.
· Open Source Cyberoam iView – Software that can be installed on Windows and Linux.
· Cyberoam iView Appliance – A dedicated appliance for logging and reporting.
Given below is the matrix showing flavor-wise feature availability.
Feature | On-Appliance Cyberoam iView | Open Source Cyberoam iView | Cyberoam iView Appliance |
Reporting for multiple Cyberoam security appliances | No | Yes | Yes |
Reporting for other Networking solutions | No | Yes. Offers reports for following Networking Solutions: UTM: SonicWALL, FortiGate, Cisco ASA; Proxy: Squid; Linux Firewall: Netfilter; Web Server: Apache; Smart Wireless Router: NetGenie; Billing and Bandwidth Management Solution: 24Online; Endpoint Security: eScan | Yes. Offers reports for following Networking Solutions: UTM: SonicWALL, FortiGate, Cisco ASA; Proxy: Squid; Linux Firewall: Netfilter; Web Server: Apache; Smart Wireless Router: NetGenie; Billing and Bandwidth Management Solution: 24Online; Endpoint Security: eScan |
Reporting across multiple devices and multiple locations | No | Yes | Yes |
Report Bookmarks and Bookmark Groups | Yes | Yes | Yes |
Report Custom View | Yes | Yes | Yes |
Trend Reports | Yes | Yes | Yes |
Integration with ConnectWise | Yes | No | No |
Applications and Application Groups | No | Yes | Yes |
User Management | No | Yes | Yes |
Email Notification | Yes | Yes | Yes |
Export Reports | PDF, MS-Excel and HTML Export | PDF and MS-Excel Export | PDF and MS-Excel Export |
Data Management | Yes | Yes | Yes |
Manual Purge | Yes | No | No |
Disk Usage Limit Setting | No | Yes | Yes |
Chart Preferences | Yes | No | No |
Custom Logo | Yes | No | No |
Backup and Restore | No | Yes | Yes |
Audit Logs | No | Yes | Yes |
Logs Archives | No | Yes | Yes |
Compliance Reports | Yes | Yes | Yes |
Document Version: 1.0 – 11 February, 2014
|
1.3.2. Open Source Cyberoam iView - Download and Installation |
1.3.2.1. From where do I download Open Source iView? |
Applicable to : Open Source Software
Document Version: 1.0 – 11 February, 2014
|
1.3.2.2. What is the hardware requirement to install Cyberoam iView? |
Applicable to : Open Source Software
Given below is the table of hardware specification to install Cyberoam iView:
Component | Recommendation |
Processor | Pentium IV with 2GHz |
RAM | 2GB (Minimum) |
Hard Disk Drive | SATA or SCSI hard disk with minimum 30GB disk space |
Document Version: 1.0 – 11 February, 2014
|
1.3.2.3. Can I install Cyberoam iView on Linux? |
Applicable to : Open Source Software
Yes, Cyberoam iView has two installers, one for Windows and one for Linux. Given below is the list of supported versions:
Windows:
Windows 2000
Windows XP
Windows 2003
Windows Vista
Windows 7
Linux:
Fedora 10+
openSUSE 11
Debian 5.3
PCLinux 2009
Ubuntu 12
Document Version: 1.0 – 11 February, 2014
|
1.3.2.4. How do I install Cyberoam iView on Linux? |
Document Version: 1.0 – 11 February, 2014
|
1.3.2.5. What is the procedure to install Cyberoam iView on Windows? |
Document Version: 1.0 – 11 February, 2014
|
1.3.2.6. How does Cyberoam iView collect logs from various devices? |
Applicable to : Open Source Software, Appliance
Cyberoam collects logs from multiple appliances placed at various geographical locations using Syslog.
Document Version: 1.0 – 11 February, 2014
|
1.3.3. Cyberoam iView Appliance Upgrade |
Applicable to : Appliance
This article explains the step-by-step procedure to upgrade the Cyberoam iView appliance.
Step 1: Log on to Cyberoam iView through the console using root user credentials.
Step 2: Change the PWD to var.
Step 3: Download the upgrade patch from the URL below using the following command:
[root@iview var]# wget http://sourceforge.net/projects/cyberoam-iview/files/iView-Patches/
Step 4: Use the ‘ls’ command to verify the downloaded patch.
Step 5: Use the following commands to start the upgrade process:
[root@iview var]# chmod 755 iView-linux-0.126.bin
[root@iview var]# ./iView-linux-0.126.bin
Step 6: Use the following command to verify the current version running on Cyberoam iView:
[root@iview var]# psql -d iviewdb -U postgres -c "select * from tbliviewconfig;"
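One way to gate Steps 3 to 5 behind an integrity check, as an added example that is not part of the Cyberoam documentation: the patch is fetched over plain HTTP and executed as root, so the functions below refuse to run it unless it is a regular file, is not an HTML page (what wget saves when it is given a directory URL), and matches a pinned SHA-256 digest. The function names and the EXPECTED_SHA256 placeholder are assumptions; this page publishes no digest, so the real value has to come from a trusted, out-of-band source.

```bash
#!/usr/bin/env bash
# Added example (not Cyberoam code): verify a downloaded iView patch before
# it is made executable and run as root.
# EXPECTED_SHA256 is a placeholder for a digest obtained out-of-band.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Return 0 only when the file passes every check; otherwise return:
#   2 = not a regular, non-empty file (missing, symlink, empty)
#   3 = expected digest is not 64 hex characters
#   4 = file looks like an HTML page rather than an installer
#   5 = SHA-256 digest does not match the pinned value
verify_patch() {
    local file="$1" expected="$2" first_bytes actual
    if [ ! -f "$file" ] || [ -L "$file" ] || [ ! -s "$file" ]; then
        echo "refusing: $file is not a regular, non-empty file" >&2
        return 2
    fi
    case "$expected" in
        ""|*[!0-9a-fA-F]*)
            echo "refusing: expected digest is not hexadecimal" >&2
            return 3 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "refusing: expected digest is not 64 hex characters" >&2
        return 3
    fi
    # Inspect the first 512 bytes, NULs stripped and lowercased.
    first_bytes=$(LC_ALL=C head -c 512 -- "$file" \
        | LC_ALL=C tr -d '\000' | LC_ALL=C tr 'A-Z' 'a-z')
    case "$first_bytes" in
        *'<!doctype html'*|*'<html'*)
            echo "refusing: $file is an HTML page, not a patch" >&2
            return 4 ;;
    esac
    actual=$(sha256_of "$file")
    expected=$(printf '%s' "$expected" | LC_ALL=C tr 'A-Z' 'a-z')
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest mismatch for $file (got $actual)" >&2
        return 5
    fi
    return 0
}

# Run Step 5 only after verification. The file is expected in the current
# directory, as in the procedure above.
install_patch() {
    verify_patch "$1" "$2" || return $?
    chmod 755 -- "$1" && "./$1"
}

# Usage (constructed values):
#   EXPECTED_SHA256="REPLACE_WITH_TRUSTED_SHA256"
#   install_patch iView-linux-0.126.bin "$EXPECTED_SHA256"
```

With the placeholder left in place, install_patch stops at the digest-format check and never reaches chmod.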
Document Version: 1.0 – 12 September, 2014 |
1.3.4. Accessing Cyberoam iView |
1.3.4.1. What is the concept of role-based administration in Cyberoam iView? |
Applicable to : Open Source Software, Appliance
Cyberoam iView supports three types of user roles with different privileges:
· Super Admin – Default account with username admin. No additional account can be created.
· Admin – Only an administrator with the Super Admin role can add and update Admin roles.
· Viewer – Administrators with the Super Admin and Admin roles can add and update Viewer roles.
Given below is the privilege matrix associated with Cyberoam iView users:
Privilege | Super Admin (for all the devices) | | | | Admin (only for assigned devices) | | | | Viewer (only for assigned device) | | | |
 | Add | Update | Delete | View | Add | Update | Delete | View | Add | Update | Delete | View |
Mail Server Configuration | Y | Y | Y | Y | N | N | N | N | N | N | N | N |
User Management | Y | Y | Y | Y | Y | Y | Y | Y | N | N | N | N |
Device Management | Y | Y | Y | Y | N | N | N | N | N | N | N | N |
Device Group Management | Y | Y | Y | Y | N | N | N | N | N | N | N | N |
Application category | Y | Y | Y | Y | Y | Y | Y | Y | N | N | N | N |
Custom View | Y | Y | Y | Y | Y | Y | Y | Y | N | N | N | N |
Report Notification Settings | Y | Y | Y | Y | Y | Y | Y | Y | N | N | N | N |
Data Management | Y | Y | Y | Y | N | N | N | N | N | N | N | N |
Bookmark Management | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | N | Y |
Logs | - | Y | - | Y | - | N | - | N | - | N | - | N |
Syslog Server Port | - | Y | - | Y | - | N | - | N | - | N | - | N |
Backup and Restore Index | - | Y | - | Y | - | N | - | N | - | N | - | N |
Disk Usage Limit | - | Y | - | Y | - | N | - | N | - | N | - | N |
Audit Logs | - | - | - | Y | - | - | - | Y | - | - | - | N |

Privilege | Super Admin (for all the devices) | Admin (only for assigned devices) | Viewer (only for assigned device) |
Load and Search Archive | Y | Y | N |
Unload, Backup and Restore Archive Files | Y | Y | N |
View Live Logs | Y | Y | N |
View and Search Reports | Y | Y | Y |
Dashboards (Main, Device, User, Host, Email Address, iView) | Y | Y | Y |
Document Version: 1.0 – 11 February, 2014
|
1.3.4.2. How can I access Cyberoam iView after successful installation? |
Applicable to : Open Source Software
Browse to http://<IP address of the machine on which Cyberoam iView is installed i.e. local machine>:8000, then log on using the default username ‘admin’ and the password specified at the time of installation.
Document Version: 1.0 – 11 February, 2014
|
1.3.4.3. Which browsers are supported by Cyberoam iView? |
Applicable to : On Cyberoam Appliance, Open Source Software, Appliance
Cyberoam iView can be accessed through following browsers:
· Microsoft Internet Explorer 8+
· Mozilla Firefox 3.0
· Google Chrome
· Safari 5.1.2(7534.52.7)+
· Opera 15.0.1147.141+
We recommend Mozilla Firefox 3.0 with resolution 1024 X 768 or more for the best view.
Document Version: 1.0 – 11 February, 2014
|
1.3.5. Open Source Cyberoam iView - Device and Device Group |
1.3.5.1. How can I integrate a device with Cyberoam iView to generate reports ? |
Applicable to : Open Source Software, Hardware Appliance
There are two ways to integrate a device with Cyberoam iView:
1. Auto-discover Device
Cyberoam iView uses the UDP protocol to discover network devices automatically. To send logs to Cyberoam iView, the network device has to be configured with Cyberoam iView as its Syslog server.
On successful login, Super Admin will be prompted with a popup "New Device(s) Found" if a new device is discovered; else, the Main Dashboard is displayed.
This prompt will be displayed every time Super Admin logs in until she takes action on the newly discovered device.
2. Add Device (manually)
Go to System > Configuration > Device and click Add button to add a new device in Cyberoam iView.
Specify Device ID, Device Name, IP Address, Device Type and set status of device as ‘Active’ to start receiving logs from the added device.
Document Version: 1.0 – 11 February, 2014
|
1.3.5.2. How to start receiving logs from added device? |
Applicable to : Open Source Software, Appliance
To start receiving logs from the added device you need to change the status of the device to ‘Active’.
1. Go to System > Configuration > Device.
2. Select ‘Active’ under status column to activate the device.
Cyberoam iView will start receiving logs from the added device within 5 minutes.
Document Version: 1.0 – 11 February, 2014
|
1.3.5.3. What is the meaning of device status ‘Active’ and ‘Deactive’? |
Applicable to : Open Source Software, Appliance
There are two possible device statuses in Cyberoam iView:
· Active: Cyberoam iView is accepting logs sent by the device.
· Deactive: Cyberoam iView is rejecting logs sent by the device.
Document Version: 1.0 – 11 February, 2014
|
1.3.5.4. Can I check whether the logs are coming from a device or not? |
Applicable to : Open Source Software, Appliance
Yes, Cyberoam iView provides the Live Archive Logs option, which gives a real-time view of incoming logs.
To check whether the device is sending logs, go to System > Archive > Live Logs and select the device to view its incoming logs in real time.
Document Version: 1.0 – 11 February, 2014
|
1.3.5.5. Can I group various devices to get consolidated reports? |
Applicable to : Open Source Software, Appliance
Yes, you can create groups of devices based on device type, device model and geographical location. Cyberoam iView provides consolidated reports for the created device groups.
Document Version: 1.0 – 11 February, 2014
|
1.3.5.6. Does Cyberoam iView keep logs of deleted device? |
Applicable to : On Cyberoam Appliance, Open Source Software, Appliance
Cyberoam iView keeps logs of all devices to meet compliance requirements. The retention period of logs can be configured from the Data Management section.
Document Version: 1.0 – 11 February, 2014. |
1.3.6. Open Source Cyberoam iView - Applications and Application Groups |
|
1.3.6.1. What does an application mean in Cyberoam iView? |
Applicable to : Open Source Software, Appliance
Application is a unique combination of protocol and port number through which the protocol is identified. E.g., Web-Proxy application is identified through protocol TCP and port number 8080.
If application is not defined in Cyberoam iView then instead of application name, protocol and port number will be displayed in Reports.
Document Version: 1.0 – 12 February, 2014
|
1.3.6.2. Can I add single application in multiple application groups? |
Applicable to : Open Source Software, Appliance
An application cannot be the member of multiple application groups.
To change the group membership, first remove an application from the current group and then add in the other application group.
Document Version: 1.0 – 12 February, 2014
|
1.3.7.1. What is the meaning of ‘N/A’ displayed in Cyberoam iView Reports |
Applicable to : On Cyberoam Appliance, Open Source Software, Appliance
Given below are the probable reasons for ‘N/A’ being displayed in Cyberoam iView reports:
1. The monitored device does not send log data for the particular report field.
2. The monitored device does not have the particular report field defined in it.
In user-based reports, ‘N/A’ in the Username field indicates that either the traffic is generated by a clientless user or the firewall rule is not applied on the user.
Document Version: 1.0 – 19 February, 2014 |
1.3.7.2. Why do we see multiple Reports for IP Address 0.0.0.0? |
Applicable Format: Open Source Software, Appliance
DHCP clients send DHCP Request packets that are marked with Source IP 0.0.0.0. If a DHCP server is not configured in the monitored device, the device does not reply to DHCP requests and drops these packets. This drop event is recorded under Top Denied Hosts in Reports > Blocked Applications > Top Denied Hosts.
Document Version: 1.0 – 31 January, 2014
|
1.3.7.3. How to view Firewall Rule based reports in iView? |
Applicable Format – Software and Hardware
You can view Firewall Rule based reports by following the steps given below.
1. Log in to iView using Administrator credentials.
2. Go to Reports > Source Host Based Usage > Top Rules. The Firewall Rules with the maximum number of hits are displayed.
3. Click the desired rule to view its detailed report. For example, we have clicked Rule ID 710.
Document Version: 1.0 – 13/04/2012
|
1.3.7.4. What does Main Dashboard show? |
Applicable Format - Software and Hardware
When you log in to Cyberoam iView, it presents the Main Dashboard. The page displays consolidated allow and deny traffic statistics for all the monitored devices in graphical as well as tabular form; the number of displayed devices can vary as per your user type.
1.3.7.5. I want to know about the traffic generated by a specific source host, how can I get this information? |
Applicable Format - Software and Hardware
You can get the required information from Source Host dashboard.
To access the Source Host dashboard, log on to the Web Admin console and go to Dashboards > Custom Dashboard.
Select criterion as Source host and enter the IP address of the host to get complete information of the host. |
1.3.7.6. How can I get information regarding resource utilization by Cyberoam iView? |
Applicable Format - Software
The Cyberoam iView Dashboard provides this information.
Log on to Cyberoam iView and go to Dashboard > iView Dashboard.
It will show you all the important resource utilization parameters like memory usage, disk usage and CPU usage of Cyberoam iView.
|
1.3.7.7. How can I get visibility of a particular user's Internet behavior? |
Applicable to : Open Source Software, Appliance
You can view all Internet activities of a particular user from single page of User Dashboard.
It gives in-depth visibility of user Internet behavior which includes Application, Web and FTP Usage along with Blocked Web and Applications attempts.
Logon to Web admin console and go to Dashboard > Custom Dashboard.
Select criterion as username and enter the username to get complete information of the user.
Document Version: 1.0 – 05 March, 2014
|
1.3.7.8. Can I have a comprehensive view of user’s email activities? |
Applicable Format - Software and Hardware
Yes, you can get detailed information on a user’s email activities with the help of the Email Address dashboard.
Log on to the Web Admin console and go to Dashboards > Custom Dashboard.
Select criterion as email address and enter the email address of the user to get complete information. |
1.3.7.9. What is custom view of report? |
Applicable Format - Software and Hardware
A custom view of reports is a group of the most pertinent reports that require special attention for managing the devices.
Reports from different report groups can also be grouped in a single view.
To create a custom view, log on to the Web admin console and go to System > Configuration > Custom View.
|
1.3.7.10. How can I schedule reports in Cyberoam iView? |
Applicable Format - Software and Hardware
Given below are the steps to schedule reports in Cyberoam iView:
Configure Mail Server
· Log on to the Web admin console and go to System > Configuration > Mail Server.
· Specify the mail server IP address and port number.
· Specify the 'from' email address.
· Specify the username and password in case of SMTP authentication and click the Save button.
Add Report Notification
· Log on to the Web admin console and go to System > Configuration > Report Notification.
· Click the Add button to add a report notification.
· Specify the name of the report notification.
· Specify the ‘To email address’.
· Select the report to be sent from the report group.
· Select device(s) from the list of devices.
· Set the email frequency and click the Add button.
Selected reports will be sent in PDF format.
1.3.8. Open Source Cyberoam iView - Audit Logs |
1.3.8.1. What are the categories for which audit logs can be viewed? |
Applicable Format - Software and Hardware
Given below is the list of different audit log categories with corresponding events:
Category | Event Logs for |
Mail | SMTP server configuration update |
 | Add Report Notification |
 | Update Report Notification |
 | Delete Report Notification |
 | Sent report notification |
User | User Login |
 | User Log out |
 | Add User |
 | Update User |
 | Delete User |
Device | Add Device |
 | Update Device |
 | Delete Device |
 | Add Device Group |
 | Update Device Group |
 | Delete Device Group |
Application | Add Application Identifier |
 | Delete Application Identifier |
 | Add Application |
 | Update Application |
 | Delete Application |
 | Add Application Group |
 | Update Application Group |
 | Delete Application Group |
 | Reset to Default |
Views | Unauthorized access to web pages |
Data | Archived Logs |
 | Detail Table |
 | Summary Table |
Report | Add Custom View |
 | Update Custom View |
 | Delete Custom View |
|
1.3.8.2. What is the meaning of different severity levels displayed in audit logs? |
Applicable Format - Software and Hardware
Given below is the list of different severity levels with corresponding meaning:
· Emergency : System is not usable
· Alert: Action must be taken immediately
· Critical: Critical condition
· Error: Error condition
· Warning: Warning condition
· Notice: Normal but significant condition
· Info: Informational
· Debug: Debug-level messages
|
1.3.9. Open Source Cyberoam iView - Logs Archives |
1.3.9.1. What is the meaning and need of archive logs? |
Applicable Format - Software and Hardware
Archive logs are a collection of historical records, which are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. Data Retention period can be configured from the System → Configuration→ Data Management page.
For further details, refer to Data Management section of Administrator Guide. |
1.3.9.2. What is the meaning of various operations displayed under Action column? |
Applicable Format - Software and Hardware
Action column of Archive section displays various operations that can be performed on archive files. Given below is the name and description of the operations:
· Load: Load archived file from your local drive to the Cyberoam iView database.
· Unload: Unload archived file from Cyberoam iView database.
· Search: Perform a refined search based on multiple criteria.
· Backup: Take backup of selected file on the machine on which Cyberoam iView is installed.
|
1.3.9.3. Why is the checkbox against one of the files in the archive section disabled? |
Applicable Format - Software and Hardware
Cyberoam iView stores archived data for a specified day in four files, and each file contains data for 6 hours. You can perform various actions on the archived files, e.g., load, unload, search and backup.
There are two possible reasons for a disabled checkbox:
· The archive file is not created yet.
· The file is loaded into the Cyberoam iView database; in this case a selected, disabled checkbox is displayed.
Please note that you need to load the archive file into the Cyberoam iView database to perform unload and search operations.
|